formatting changes

This commit is contained in:
Brian Carrier 2018-03-05 18:40:46 -05:00
parent fb9afff815
commit 82c72d2a3c


@ -41,7 +41,6 @@ import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.services.Blackboard; import org.sleuthkit.autopsy.casemodule.services.Blackboard;
import org.sleuthkit.autopsy.casemodule.services.FileManager; import org.sleuthkit.autopsy.casemodule.services.FileManager;
import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessorProgressMonitor; import org.sleuthkit.autopsy.corecomponentinterfaces.DataSourceProcessorProgressMonitor;
import org.sleuthkit.autopsy.coreutils.ExecUtil;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestServices;
@ -209,75 +208,77 @@ class VolatilityProcessor implements Runnable{
} }
private void lookupFiles(Set<String> fileSet, String pluginName) { private void lookupFiles(Set<String> fileSet, String pluginName) {
try {
if (isCancelled)
return;
Blackboard blackboard = Case.getCurrentCase().getServices().getBlackboard();
for (String file : fileSet) { Blackboard blackboard;
File volfile = new File(file); try {
String fileName = volfile.getName().trim(); blackboard = Case.getCurrentCase().getServices().getBlackboard();
// if there is no extension, add a wildcard to the end }
if (fileName.contains(".") == false) { catch (Exception ex) {
fileName = fileName + ".%"; // case is closed ??
} return;
}
String filePath = volfile.getParent();
if (filePath != null && !filePath.isEmpty()) {
// strip C:
if (filePath.contains(":")) {
filePath = filePath.substring(filePath.indexOf(":")+1);
}
filePath = filePath.replaceAll("\\\\", "/");
} else {
filePath = "";
}
try {
List<AbstractFile> resolvedFiles;
if (filePath.isEmpty()) {
resolvedFiles = fileManager.findFiles(fileName); //NON-NLS
}
else {
resolvedFiles = fileManager.findFiles(fileName, filePath); //NON-NLS
}
resolvedFiles.forEach((resolvedFile) -> {
try {
String MODULE_NAME = "VOLATILITY";
BlackboardArtifact volArtifact = resolvedFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
BlackboardAttribute att1 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
"Volatility Plugin " + pluginName);
BlackboardAttribute att2 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME,
"Volatility Plugin " + pluginName);
volArtifact.addAttribute(att1);
volArtifact.addAttribute(att2);
try { for (String file : fileSet) {
// index the artifact for keyword search if (isCancelled) {
blackboard.indexArtifact(volArtifact); return;
} catch (Blackboard.BlackboardException ex) { }
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + volArtifact.getArtifactID(), ex); //NON-NLS
} File volfile = new File(file);
String fileName = volfile.getName().trim();
// fire event to notify UI of this new artifact // if there is no extension, add a wildcard to the end
services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)); if (fileName.contains(".") == false) {
} catch (TskCoreException ex) { fileName = fileName + ".%";
logger.log(Level.SEVERE, "Failed to create BlackboardArtifact.", ex); // NON-NLS }
} catch (IllegalStateException ex) {
logger.log(Level.SEVERE, "Failed to create BlackboardAttribute.", ex); // NON-NLS String filePath = volfile.getParent();
} if (filePath != null && !filePath.isEmpty()) {
}); // strip C:
); if (filePath.contains(":")) {
} catch (TskCoreException ex) { filePath = filePath.substring(filePath.indexOf(":") + 1);
//String msg = NbBundle.getMessage(this.getClass(), "Chrome.getHistory.errMsg.errGettingFiles"); }
logger.log(Level.SEVERE, "Error in Finding FIles", ex); filePath = filePath.replaceAll("\\\\", "/");
return; } else {
} filePath = "";
}
try {
List<AbstractFile> resolvedFiles;
if (filePath.isEmpty()) {
resolvedFiles = fileManager.findFiles(fileName); //NON-NLS
} else {
resolvedFiles = fileManager.findFiles(fileName, filePath); //NON-NLS
}
resolvedFiles.forEach((resolvedFile) -> {
try {
String MODULE_NAME = "VOLATILITY";
BlackboardArtifact volArtifact = resolvedFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
BlackboardAttribute att1 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
"Volatility Plugin " + pluginName);
BlackboardAttribute att2 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME,
"Volatility Plugin " + pluginName);
volArtifact.addAttribute(att1);
volArtifact.addAttribute(att2);
try {
// index the artifact for keyword search
blackboard.indexArtifact(volArtifact);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + volArtifact.getArtifactID(), ex); //NON-NLS
}
// fire event to notify UI of this new artifact
services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT));
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Failed to create BlackboardArtifact.", ex); // NON-NLS
} catch (IllegalStateException ex) {
logger.log(Level.SEVERE, "Failed to create BlackboardAttribute.", ex); // NON-NLS
}
});
} catch (TskCoreException ex) {
//String msg = NbBundle.getMessage(this.getClass(), "Chrome.getHistory.errMsg.errGettingFiles");
logger.log(Level.SEVERE, "Error in Finding FIles", ex);
return;
} }
} catch (Exception ex) {
logger.log(Level.SEVERE, "Error in processing List of FIles", ex); //NON-NLS
} }
} }
@ -512,29 +513,30 @@ class VolatilityProcessor implements Runnable{
} }
private Set<String> parse_Cmdline(File PluginFile) { private Set<String> parse_Cmdline(File PluginFile) {
String line;
Set<String> fileSet = new HashSet<>(); Set<String> fileSet = new HashSet<>();
int counter = 0; int counter = 0;
try { // read the first line from the text file
BufferedReader br = new BufferedReader(new FileReader(PluginFile)); try (BufferedReader br = new BufferedReader(new FileReader(PluginFile))) {
// read the first line from the text file String line;
while ((line = br.readLine()) != null) { while ((line = br.readLine()) != null) {
if (line.length() > 16) { if (line.length() > 16) {
String TAG = "Command line : "; String TAG = "Command line : ";
if (line.startsWith(TAG)) { if (line.startsWith(TAG)) {
counter = counter + 1; counter = counter + 1;
// Command line : "C:\Program Files\VMware\VMware Tools\vmacthlp.exe"
String file_path; String file_path;
// Command line : "C:\Program Files\VMware\VMware Tools\vmacthlp.exe"
// grab whats inbetween the quotes
if (line.charAt(TAG.length()) == '\"') { if (line.charAt(TAG.length()) == '\"') {
file_path = line.substring(TAG.length()+1); file_path = line.substring(TAG.length() + 1);
if (file_path.contains("\"")) { if (file_path.contains("\"")) {
file_path = file_path.substring(0, file_path.indexOf("\"")); file_path = file_path.substring(0, file_path.indexOf("\""));
} } else {
else {
// ERROR // ERROR
} }
} }
// Command line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 // Command line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512
// grab everything before the next space - we don't want arguments
else { else {
file_path = line.substring(TAG.length()); file_path = line.substring(TAG.length());
if (file_path.contains(" ")) { if (file_path.contains(" ")) {
@ -543,11 +545,12 @@ class VolatilityProcessor implements Runnable{
} }
fileSet.add(file_path.toLowerCase()); fileSet.add(file_path.toLowerCase());
} }
} }
} }
br.close(); } catch (FileNotFoundException ex) {
} catch (IOException ex) { logger.log(Level.SEVERE, "Error opening cmdline output", ex);
//Exceptions.printStackTrace(ex); } catch (IOException ex) {
logger.log(Level.SEVERE, "Error parsing cmdline output", ex);
} }
return fileSet; return fileSet;
} }
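Review bot: The new `catch (Exception ex)` around `Case.getCurrentCase().getServices().getBlackboard()` in lookupFiles returns without logging, so a closed case (the `// case is closed ??` guess) and any other failure in that call are both dropped silently and the plugin's file hits are never recorded or explained. Catch the type that is actually thrown when no case is open (IllegalStateException, if that is what Case.getCurrentCase raises here) and log before returning: `} catch (IllegalStateException ex) {` / `logger.log(Level.WARNING, "No open case, skipping lookup for Volatility plugin " + pluginName, ex); //NON-NLS` / `return;`. The outer `catch (Exception ex)` at the end of the method already covers anything else, so the narrow catch loses nothing. Separately, `fileName` and `filePath` are derived from Volatility output and the code appends `.%` as a wildcard for `fileManager.findFiles`, so `%` or `_` characters present in a name read from the memory image are presumably treated as pattern characters too; this is worth confirming against findFiles and escaping if so, since over-broad matches would tag unrelated files as interesting.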